Connect with us

SEO

5 HTTP Security Headers You Need To Know For SEO

Published

on

5 HTTP Security Headers You Need To Know For SEO

Security headers are easily overlooked in website audits.

While some may say that website security is not an SEO-related concern, it does become SEO-related when a site becomes hacked and search traffic dwindles to zero.

Security headers should be a top concern of everyone who publishes anything on the Internet.

The good news is that they are relatively simple to configure and will help keep your website and its visitors safe.

in this column, you’ll learn what security headers are and how they work as well as the top 5 security headers, how to implement them, which WordPress plugins you can use for setting security headers, and more.

Let’s get started!

What Are Security Headers?

Security headers are directives browsers must follow that are passed along through the HTTP header response.

An HTTP header is a response by a web server to a browser that is trying to access a web page.

The header response communicates things such as when the web page does not exist (400 response header).

Or that it’s okay to download a font from Google but not to trust any other data outside of the website’s domain.

In that example, the part that tells the browser that it’s okay to download Google fonts but not trust any files originating elsewhere other than the website itself is a security directive.

A security directive like that will block a browser from downloading malicious files from another website.

Security headers introduce restrictions and instructions that prevent unintended security events.

Why Use Security Headers?

Automated bot software are constantly probing and testing websites for security weaknesses.

These vulnerabilities can be introduced by the content management system, by the JavaScript library used to add functionality, and for security weaknesses introduced by a plugin or a theme.

Websites that use security headers are said to be hardened against security threats.

While a website can get along without using security headers by keeping its components up to date and using security plugins, doing so needlessly exposes the website and the site visitors to security risks.

For example, security plugins can’t stop ad injections that rob a site owner of ad revenue.

Perhaps the best reason to use security headers is because they are relatively easy to implement and ensure that a website keeps running normally.

Top 5 Security Headers

1. Content-Security-Policy (CSP)

A content security policy (CSP) helps to protect a website and the site visitors from Cross Site Scripting (XSS) attacks and from data injection attacks.

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) exploits happen when hackers take advantage of a security hole to upload malicious scripts to a website which are then downloaded to a victim’s browser.

XSS attacks take advantage of flaws in a content management system that allows unexpected inputs to be injected because of insufficient user input file sanitization.

For example, ordinarily, an email form should be coded to expect a restricted input.

A poorly coded form may allow some other input which can then lead to an injection of malicious files.

An XSS attack can be used to steal passwords or as part of a multi-step hacking event.

Injection Attacks

The Open Web Application Security Project (OWASP) describes injection attacks as a serious security risk:

“Injection is an attacker’s attempt to send data to an application in a way that will change the meaning of commands being sent to an interpreter.

For example, the most common example is SQL injection, where an attacker sends “101 OR 1=1” instead of just “101”. When included in a SQL query, this data changes the meaning to return ALL records instead of just one.

…Frequently these interpreters run with a lot of access, so a successful attack can easily result in significant data breaches, or even loss of control of a browser, application, or server. Taken together, injection attacks are a huge percentage of the serious application security risk.”

The content security policy by itself does not 100% protect a site from attacks but it does help to diminish the possibility of a cross site scripting attack.

A CSP header instructs the browser to only download resources from a set group of domains and only from those domains.

Any attacker that is downloading malicious scripts from another server outside of that trusted group will be blocked.

Creating a content security policy can be as strict or as lenient as a publisher requires.

Warning: However, setting one up can be a little tricky because you have to list all of the scripts and resources that are being downloaded from outside of your domain in order to whitelist them.

2. Strict-Transport-Security Header (HSTS)

The Strict-Transport-Security Header is also called the HTTP Strict Transport Security header (HSTS).

Many websites only have a 301 redirect from HTTP to HTTPS.

But that’s not enough to keep the website secure because the website is still vulnerable to a man-in-the-middle attack.

HSTS prevents an attacker from downgrading the HTTPS connection to an HTTP connection which then allows the attacker to take advantage of insecure redirects.

For example, if a person types in example.com to access a site, without actually typing in the https part (or they simply type http out of habit), then the opportunity exists for a man-in-the-middle attack.

That kind of attack can compromise the site visitors’ connection to the website and any sensitive information exchanged between the visitor and the website becomes visible to the attacker.

For example, an attacker can intercept cookies that contain sensitive information like login credentials.

The United States government lists three scenarios where HTTPS can be downgraded to HTTP and subsequently allow an attacker to compromise security.

These are the three ways HTTPS can be downgraded:

  • When a user types “gsa.gov” into the URL bar, browsers default to using http://.
  • A user may click on an old link that mistakenly uses an http:// URL.
  • A user’s network may be hostile and actively rewrite https:// links to http://.

The HSTS header prevents this from happening by forcing the browser to absolutely not accept an HTTP connection.

The HTTP Strict Transport Security (HSTS) header tells the browser that the entire website should only be accessed by a secure HTTPS protocol.

Side Note: How To Preload HSTS Into Chrome

On a related note, Google Chrome has an HSTS Preload program where publishers can submit their sites to be listed by Chrome as only accessible via the HTTPS protocol.

Many Chrome-based web browsers will subsequently preload these websites with HTTPS and only via HTTPS, hard coding that standard right into the browser.

Qualifying sites must already be serving the HSTS security header.

These are the four requirements needed to qualify for Chrome HSTS preloading:

  1. “Serve a valid certificate.
  2. Redirect from HTTP to HTTPS on the same host, if you are listening on port 80.
  3. Serve all subdomains over HTTPS. In particular, you must support HTTPS for the www subdomain if a DNS record for that subdomain exists.
  4. Serve an HSTS header on the base domain for HTTPS requests:- The max-age must be at least 31536000 seconds (1 year).- The includeSubDomains directive must be specified.- The preload directive must be specified.- If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (rather than the page it redirects to).

You’ll find more information at hstspreload.org.

3. X-Content-Type-Options

This security header stops certain kinds of exploits that can happen, for example, through malicious user-generated content.

Browsers can “sniff” if a content is an image (.jpg), a movie (.mp4), or text, HTML, JavaScript, and other kinds of content that can be downloaded from a website.

The “sniffing” allows a browser to download the web page elements and correctly render them, in particular in situations when the metadata the browser needs to render the element is missing.

Sniffing allows the browser to figure out what the element is (an image, text, etc.) and then render that element.

Hackers however will try to trick browsers into thinking that a harmful JavaScript file is actually an image, allowing the browser to download the file and then subsequently executing that file, causing any number of negative outcomes for that site visitor, especially with what’s known as a Drive-by Download Attack.

The X-Content-Type-Options header can stop that and other related attacks by disabling the ability of browsers from “sniffing” for the content type.

4. X-Frame-Options

The X-Frame-Options security header helps stop click-jacking attacks.

Mozilla describes Click-jacking as:

“…the practice of tricking a user into clicking on a link, button, etc. that is other than what the user thinks it is.

This can be used, for example, to steal login credentials or to get the user’s unwitting permission to install a piece of malware.”

The X-Frame-Options header works by preventing a web page from being rendered within an iframe, for example.

It prevents more than just iframe-based attacks, though.

Microsoft defines frame sniffing in this way:

“Framesniffing is an attack technique that takes advantage of browser functionality to steal data from a website.

Web applications that allow their content to be hosted in a cross-domain IFRAME may be vulnerable to this attack.

The X-Frame-Options header can be used to control whether a page can be placed in an IFRAME.

Because the Framesniffing technique relies on being able to place the victim site in an IFRAME, a web application can protect itself by sending an appropriate X-Frame-Options header.”

The Open Web Application Security Project (OWASP) provides a helpful explanation of click-jacking attacks:

“…imagine an attacker who builds a web site that has a button on it that says “click here for a free iPod”.

However, on top of that web page, the attacker has loaded an iframe with your mail account, and lined up exactly the “delete all messages” button directly on top of the “free iPod” button.

The victim tries to click on the “free iPod” button but instead actually clicked on the invisible “delete all messages” button.

In essence, the attacker has “hijacked” the user’s click, hence the name “Clickjacking”.”

The X-Frame-Options header is important for protecting your site visitors as well as your site’s reputation.

The OWASP web page on click-jacking goes on to describe how Adobe Flash fell victim to a click-jacking attack that allowed hackers to take control of microphones and cameras, thus cementing Flash’s negative reputation as a security nightmare.

Becoming known across social media and the greater Internet as a security hazard is bad for business.

The X-Frame-Options header is a useful security measure to implement.

5. Referrer-Policy

The purpose of a Referrer-Policy header is to allow a website publisher to control what information is sent when a site visitor clicks a link to visit another website.

When a site visitor clicks a link and lands on another site, the visitor’s browser provides information about what web page sent that visit.

When you look at your server logs the referrer information is sent that tells what sites sent visitors.

However, there are some situations where the URL of the site referring a visitor to another visitor could contain sensitive information which could be leaked to a third party.

How the Referrer-Policy works is by limiting how much information is sent after a site visitor clicks a link.

A website publisher can choose to send no information as to the referrer, they can choose to send just the domain name or they can send the entire URL string.

There are eight directives that can be sent using the Referrer-Policy header:

  • Referrer-Policy: no-referrer.
  • Referrer-Policy: no-referrer-when-downgrade.
  • Referrer-Policy: origin.
  • Referrer-Policy: origin-when-cross-origin.
  • Referrer-Policy: same-origin.
  • Referrer-Policy: strict-origin.
  • Referrer-Policy: strict-origin-when-cross-origin.
  • Referrer-Policy: unsafe-url.

A common referrer policy setting is Header “no-referrer-when-downgrade” which means that referrer information will be sent to trustworthy URLs that are on HTTPS but that no referrer information will be sent to untrusted HTTP websites.

It is important to note that the referrer policy setting will not affect affiliate links.

The referrer information is coded within the landing page URL, thus the referrer information and earnings are recorded by the merchant receiving the affiliate referral.

How To Implement Security Headers

There are multiple ways to set security headers, and one popular way is with an .htaccess file.

A benefit of using the .htaccess file is that it saves a publisher from downloading another plugin.

Poorly coded plugins can become a security risk, so minimizing the number of installed plugins can be useful.

Important: Every security header implementation is going to be different according to the specifics of each website, especially the Content-Security-Policy (CSP).

WordPress Plugins For Setting Security Headers

There are some popular plugins that are already installed on millions of websites that come with the option for setting security headers.

If you already have these plugins installed, then the option for using a plugin rather than fussing with an .htaccess file is there for those who would prefer the convenience.

Really Simple SSL Pro

Over five million websites already have Really Simple SSL installed.

Upgrading to the reasonably priced pro version provides the option for setting up to eight security headers the easy way.

Redirection

The 100% free WordPress Redirection plugin has been around for over ten years and is installed on over 2 million websites.

This plugin allows you to choose from many different preset security headers in addition to the top five listed in this article.

Preset means that you can choose from the standard directives.

According to the Redirection WordPress download page:

“ADD HTTP HEADERS
HTTP headers can be added to redirects or your entire site that help reduce the impact of redirects or help increase security. You can also add your own custom headers.”

Additionally, the Redirection plugin allows you to custom craft your own security headers if there’s something there you don’t find.

Screenshot of Security Headers UI, February 2022

The Redirection plugin makes it easy to successfully install the top five security headers:

  • X-Frame-Options.
  • X-Content-Type-Options.
  • Referrer-Policy.
  • Strict-Transport-Security.
  • Content-Security-Policy.

Set Security Headers With Cloudflare

Cloudflare has a way to set security headers using their Cloudflare workers.

Cloudflare also has another support page with directions:

“Attaching headers
To attach headers to Cloudflare Pages responses, create a _headers plain text file in the output folder of your project.

It is usually the folder that contains the deploy-ready HTML files and assets generated by the build, such as favicons.

The _headers file should not always be in the root directory of the repository. Changes to headers will be updated to your website at build time, so make sure you commit and push the file to trigger a new build each time you update headers.

Header rules are defined in multi-line blocks.

The first line of a block is the URL or URL pattern where the rule’s headers should be applied. On the next line, an indented list of header names and header values must be written…”

How To Check Security Headers

Security headers are easy to check.

SecurityHeaders.com offers a free security header checking service.

Web auditing software Screaming Frog also has the option for checking headers which is available in the Security Tab.

Make Security Headers A Part Of Your SEO Audits

Security headers are something that many publishers or SEO experts might not consider.

But security headers are important and should be top of mind in every site audit, whether that audit is conducted in-house or by third-party SEO site auditing.

Website security is an SEO-related issue because failure to mitigate negative security issues can reverse every ranking-related success.

A negative reputation can hurt rankings and sales.

Loss of search visibility causes devastating losses.

Implementing security headers is relatively easy, it should be among the top boxes to check when publishing any website.

More resources: 


Featured Image: Monkey Business Images/Shutterstock




Source link

SEO

Keyword Mapping. A Practical Guide for the Curious

Published

on

Keyword Mapping. A Practical Guide for the Curious

Deciding whether a keyword should be targeted by a separate page or clustered with other keywords is a common problem in SEO. Keyword mapping is a process aimed at solving this.

Keyword mapping is popularly defined as assigning keywords to pages. But what you really need to solve the problem is assigning topics to content types

In this article, I’ll explain the benefits of this approach and, more importantly, I’ll show you the process. No templates required.

Benefits of keyword mapping (the alternative way) 

Fact 1. Google may see seemingly different keywords as the same topic.

For example, we rank for these keywords in the top 10 with a single page: 

  • seo basics”
  • how to use seo” 
  • beginner’s guide to seo”
  • getting started with seo”
  • seo knowledge”

Fact 2. Conversely, Google may see seemingly similar keywords as different topics. 

For example, let’s compare “digital marketing” with “online marketing.” I’d say those two keywords are pretty close to each other. Google disagrees. 

Low SERP similarity score signals potentially different topics
Everywhere you look, the same story. Top-ranking pages and our SERP similarity score (100-point scale; the more, the higher similarity) say that these are completely different topics SEO-wise.

The above two facts are also reasons why keyword mapping by just relying on keywords is not the optimal way. You won’t know whether you’re wasting your time targeting the same topic with different keywords or just “confusing” Google. 

But why content types instead of pages or even URLs? Because before you decide what page will be used to target the keyword, you’ll need to identify the search intent of the keyword. And a good starting point for that is identifying the dominating type of content on the first page of Google. 

To sum up, the benefits of keyword mapping using topics and content types are: 

  • Seeing keywords the same way Google sees them: as topics and subtopics. 
  • Incorporating search intent into the process. 
  • Keeping an organized list of topics, which also helps to prevent duplicating content.

Note

Keyword mapping can’t substitute keyword research. While keyword mapping is basically a form of organizing keywords, keyword research provides you the keywords and the confidence that: 

  • Your keywords have traffic potential.
  • You can match the search intent behind your keywords.
  • Your keywords will bring valuable traffic. 
  • You can rank for those keywords. 

Learn how to choose the right keywords with our full guide.

Going further, we’ll look at two levels of using this method: the fast lane and the more thorough one. 

Learn more: What Is Semantic Search? How It Impacts SEO 

Level 1 – Fast, reasonable job

You’ll need a keyword research tool that can do keyword grouping based on what’s on the SERP, such as Ahrefs’ Keywords Explorer. In the case of this tool: 

  1. Enter your keywords
  2. Open Matching terms report
  3. Go to the Parent topics tab 
Three steps to find Parent Topics via Keywords Explorer

If you click on a Parent Topic, you will find separate topics “distilled” from your keywords. So for example, you will see keywords like “can babies get covid” and “babies and covid” grouped under the same topic. 

Keywords grouped under the same Parent Topic

Sidenote.

To identify the Parent Topic, we take the #1 ranking page for your keyword and find the keyword responsible for sending the most traffic to that page.

At this level of keyword mapping, your target keyword is the Parent Topic (not the keywords inside that Parent Topic). 

The next step is to identify the content type. The easiest way to do this is to see what kind of content dominates the first three to five results in Google. 

Typical content types are:

  • Articles
  • Videos
  • Product pages
  • Product category pages
  • Landing pages 
Top-ranking pages with a dominating content type
For example, the dominating content type for “teething symptoms” is the article.

As a result, assigning topics to content types will give you a super simple yet highly actionable database.

Topic Content type
Teething symptoms Article
When do babies roll over Article
Baby formula Mixed (product pages on top)
When can babies have water Article

Sidenote.

What about secondary keywords or supporting keywords? We recommend picking them in the content creation phase as subtopics needed to cover a topic in full. Learn a few ways you can find them here.

So this is the fast method. The great thing about it is that it automates keyword grouping by using real SERP data (and not just semantics). 

However, it has its downsides too. Sometimes, it “hides” less popular topics that could potentially be targeted with a separate page. Here’s why. 

The parent keyword is derived from the top-ranking page on the SERP. If Google thinks that the best answer to the query is found on a page that is targeting a broader topic, it will still use it. This may result in a confusing SERP like this one: 

Confusing SERP example
The top result is a featured snippet taken from a page with a broader topic. Hence, the Parent Topic (here seen as “Top keyword”) in Ahrefs. But pretty much every other page on the SERP targets the keywords directly.

This kind of situation probably won’t happen too often. But if you want to squeeze everything out of your keyword mapping process, you need to go to level 2. 

Level 2 – Thorough but time consuming

In level 2, we’re going to take a closer look at the Parent Topics to see what’s in them. 

  1. First, you should pick a Parent Topic.
  2. Sort keywords inside the topic by KD (Keyword Difficulty). Big differences in KD will be an indication of a different set of pages on the SERP.
  3. If you see a keyword with a significantly different KD than the Parent Topic, click on the SERP button.
  4. See if the top-ranking pages, excluding the first result, talk about the keyword instead of the Parent Topic. You can use the Compare with feature for a quick overview of the situation. The lower the SERP similarity score, the higher the probability you’re looking at two different topics. 
How to investigate Parent Topics

Let’s look at a couple of examples. 

In the first example, we’ve got a keyword with a KD score that’s 20 higher than the Parent Topic. Upon investigating, we see that we may be dealing with two separate topics: The SERP similarity is quite low. Also, there is only one common result, while other pages target the keyword directly. 

Keywords grouped under the same topic but have dissimilar SERPs

Next example. Here we have “teething symptoms” (KD 65) and “when do babies get molars” (KD 28). Looking at SERP similarity, we see that this, again, may be a case of two topics. 

Low SERP similarity between two keywords

But there’s more. Only the bottom results target the keyword directly. Others talk about teething timelines, stages, charts, etc. This is a hint for yet another way to rank for the keyword. 

Only bottom results target the keyword directly

Generally speaking, when you see that you’re dealing with a separate topic “in disguise,” the decision comes down to:

  1. Targeting the Parent Topic anyway. For example, if the top result is a featured snippet, you may be able to win it with a page on a relevant broader topic. 
  2. Marking the keyword as a separate topic and targeting it directly with a separate page. In this case, add that keyword as a topic to target and note down the content type. 
  3. Turning to SERP analysis in tougher cases (like our example above). 

Final thoughts 

Feel free to customize the process and add your own data points. If you feel like going a step further and assigning URLs, your website folders, or introducing some kind of prioritization (e.g., business potential), this won’t hurt. 

However, keep in mind that keyword mapping is not a good way to design your entire website structure. Most often than not, not all pages on your site should be search-based. 

What are the next steps after keyword mapping? 

Got comments or questions? Ping me on Twitter or Mastodon



Source link

Continue Reading

SEO

Everything You Need To Know

Published

on

Of all the many, many functions available in Google Ads, I have a few that are my favorites. And sitelink assets – previously known as sitelink extensions – are at the top of my list.

Why? Because they’re so versatile. You can do almost anything with them if you think through your strategy carefully.

For example, you can use the mighty sitelink in your advertising to:

  • Promote low search volume themes.
  • Push lagging products out the door.
  • Maximize hot sellers.
  • Highlight certain product categories.
  • Answer common questions.
  • Handle PR problems.

And that’s just a start! Sitelink assets can almost do it all.

Best Practices For Using Sitelink Assets Extensions

If you truly want to get the most out of your sitelinks, you need to think about your intention.

To help you with that, I’m going to lay out a few sitelink guidelines.

1. Get clear on your objectives. Before you start, you need to think about your goals. What are you trying to achieve with these assets? Are you advertising products or services? Will the asset work well with both branded and non-branded keywords? Your answers to these questions will help determine if your sitelinks are versatile and useful to the searcher.

2. Use sitelinks as part of your larger strategy. Don’t think of your sitelinks in isolation. You should also consider the accompanying ad, landing page, and other assets. Make sure they all work together in service to your overarching strategy.

3. Use a mix of sitelinks. Sitelinks can serve multiple purposes, so make sure you’re using a variety. For example, you don’t want to use every sitelink on an ad to promote on-sale products. Instead, use a mix. One could promote an on-sale product, one could generate leads, one could highlight a new product category, and one could direct prospective clients to useful information.

4. Create landing pages for your sitelinks. Ideally, you want to send users to landing pages that tightly correlate with your sitelink instead of just a regular page on your website.

5. Track sitelink performance and adjust. It’s not enough to set up sitelinks. You should also track them to see which links are getting traction and which ones are not. This doesn’t mean that all sitelinks should perform equally (more on this below), but it does mean they should perform well given their type and objectives.

Why it’s Better To Use A Mix Of Sitelink Assets

Let’s dive deeper into this idea of using a mix of sitelinks by looking at an example.

In a new client account, we created four different types of sitelinks:

  • Two sitelinks are product-focused (as requested by the client).
  • One sitelink connects users with an engineer to learn more about the product (“Speak to an Engineer”). It has more of a sales focus.
  • One sitelink allows users to learn more about the products without speaking to an engineer (“What is?”).

The “What is?” sitelink is outperforming the “Speak to an Engineer” sitelink when we measure by CTR. While we need more data before making any changes, I predict we’ll eventually swap out the sales-y “Speak to an Engineer” sitelink for something else.

The fact that the educational link (“What is?”) is performing better than the sales-y link (“Speak to an Engineer”) isn’t too surprising in this case. The product is a new, cutting-edge robot that not many people are aware of, yet. They want more info before talking to someone.

Screenshot by author, January 2023

By using a mix of sitelinks, and assessing the performance of each, we gained a lot of valuable information that is helping to guide our strategy for this account. So going with a mix of sitelinks is always a good idea. You never know what you’ll discover!

Sitelink Assets Examples

Now, let’s look at some specific examples of sitelink assets in Google Ads.

Example 1: Chromatography

Sitelinks extension - Chromatography exampleScreenshot from Google, January 2023

Application Search: This ad is for a highly technical product that can be used in a wide variety of applications. (Chromatography is a laboratory technique for separating mixtures.) So putting “application search” in a sitelink here might make sense. It helps prospective clients find what they’re looking for.

Sign up and Save Big: A good sitelink for lead generation and potential revenue.

Technical Support: I’m not a big fan of putting technical support in sitelinks. Tech support seems more targeted to current users rather than prospective users. But who knows, maybe they really do want to help current users get tech support via their advertising.

Guides and Posters: Again, this sitelink is a bit unusual, but it might be appropriate for this product. Perhaps people are downloading branded posters and posting them in their workplaces. If so, it’s a great way to build brand awareness.

Example 2: Neuroscience Courses

Sitelink Extensions - Nueroscience courses exampleScreenshot from Google, January 2023

I love everything about these sitelinks! The advertising is using them to reach people in all phases of the buyer journey.

For people not ready to commit:

  • Study Neuroscience: This sitelink is broad and informational. It’s helpful to people who have just started to explore their options for studying neuroscience.
  • Get Course Brochure: This sitelink is also great for people in the research phase. And while we mostly live in an online world, some people still prefer to consume hard-copy books, brochures, etc. With this sitelink, the school is covering its bases.

For people getting close to committing:

  • Online Short Course: This is the course the school offers. It’s a great sitelink for those almost ready to sign up.

For people ready to sign up:

  • Register Online Now: This is the strongest call to action for those ready to commit. It takes people directly to the signup page.

Example 3: Neuroscience Degrees

Let’s look at another example from the world of neuroscience education: this time for a neuroscience degree program.

Sitelink extensions - neuroscience degree exampleScreenshot from Google, January 2023

In contrast to the previous two examples, the sitelinks in this ad aren’t as strong.

Academics Overview: This sitelink seems more appropriate for a broad term search, such as a search on the school’s name. If the searcher is looking for a specific degree program (which seems like the intention based on the term and the ad), the sitelinks should be something specific to that particular degree program.

Scholarships: Just as with the above sitelink, “Scholarships” doesn’t seem very helpful either. The topic of scholarships is important—but probably doesn’t need to be addressed until the person determines that this school is a good fit.

Example 4: Code Security

Next, let’s look at two Google search ads for code security products.

Sitelink extensions - code security exampleScreenshot from Google, January 2023

 

The sitelinks in these two ads look like typical assets you’d find for SaaS, cloud-based, or tech companies. They click through to a lot of helpful information, such as product plans and success stories.

I particularly like the Most Common Risks sitelink in the second ad. It leads to a helpful article that would be great for engaging top-of-funnel leads.

On the flip side, I’m not a big fan of the Blog sitelink in the first ad. “Blog” simply isn’t very descriptive or helpful.

Still, there are no right or wrong sitelinks here. And it would be interesting to test my theory that blog content is not a top-performing asset!

Sitelink Assets Are More Than An Afterthought

I hope I’ve convinced you of the usefulness and versatility of sitelinks when created with specific objectives that align with your broader strategy.

So don’t create your sitelink assets as an afterthought.

Because if you give them the careful consideration they deserve, they’ll serve you well.

Note: Google sitelink assets were previously known as sitelink extensions and renamed in September 2022.

More resources:


Featured Image: Thaspol Sangsee/Shutterstock



Source link

Continue Reading

SEO

AI Content In Search Results

Published

on

AI Content In Search Results

Google has released a statement regarding its approach to AI-generated content in search results.

The company has a long-standing policy of rewarding high-quality content, regardless of whether humans or machines produce it.

Above all, Google’s ranking systems aim to identify content that demonstrates expertise, experience, authoritativeness, and trustworthiness (E-E-A-T).

Google advises creators looking to succeed in search results to produce original, high-quality, people-first content that demonstrates E-E-A-T.

The company has updated its “Creating helpful, reliable, people-first content” help page with guidance on evaluating content in terms of “Who, How, and Why.”

Here’s how AI-generated content fits into Google’s approach to ranking high-quality content in search results.

Quality Over Production Method

Focusing on the quality of content rather than the production method has been a cornerstone of Google’s approach to ranking search results for many years.

A decade ago, there were concerns about the rise in mass-produced human-generated content.

Rather than banning all human-generated content, Google improved its systems to reward quality content.

Google’s focus on rewarding quality content, regardless of production method, continues to this day through its ranking systems and helpful content system introduced last year.

Automation & AI-Generated Content

Using automation, including AI, to generate content with the primary purpose of manipulating ranking in search results violates Google’s spam policies.

Google’s spam-fighting efforts, including its SpamBrain system, will continue to combat such practices.

However, Google realizes not all use of automation and AI-generated content is spam.

For example, publishers automate helpful content such as sports scores, weather forecasts, and transcripts.

Google says it will continue to take a responsible approach toward AI-generated content while maintaining a high bar for information quality and helpfulness in search results.

Google’s Advice For Publishers

For creators considering AI-generated content, here’s what Google advises.

Google’s concept of E-E-A-T is outlined in the “Creating helpful, reliable, people-first content” help page, which has been updated with additional guidance.

The updated help page asks publishers to think about “Who, How, and Why” concerning how content is produced.

“Who” refers to the person who created the content, and it’s important to make this clear by providing a byline or background information about the author.

“How” relates to the method used to create the content, and it’s helpful to readers to know if automation or AI was involved. If AI was involved in the content production process, Google wants you to be transparent and explain why it was used.

“Why” refers to the purpose of creating content, which should be to help people rather than to manipulate search rankings.

Evaluating your content in this way, regardless of whether AI-generated or not, will help you stay in line with what Google’s systems reward.


Featured Image: Alejandro Corral Mena/Shutterstock



Source link

Continue Reading

Trending

en_USEnglish